TOKYO (MacHouse) – It’s been three days since we reported the first occurrence of hacked websites being used to redirect Internet users to the fake anti-virus scan website at antivirus-scanonline.com. Only one website has been victimized in the past 24 hours. We now know that the file we are forced to download at antivirus-scanonline.com contains a computer virus, which Sophos calls Troj/FakeVir-BF.
Criminals never quit until the very moment when they get arrested and end up in jail. If the cyber criminal group responsible for hacking websites and spreading malware containing a Trojan virus is not in jail now, chances are that they are already working on a new anti-virus campaign.
The same cyber scum group is likely to be responsible for registering two domains that have been used to redirect Internet users to fake anti-virus scan websites. These domains are antivirus-scanner.com and antivirus-scanonline.com. Both are registered through a privately owned, ICANN-accredited domain name registrar called eNom. According to Wikipedia, this Redmond, Washington-based company was the (possibly world’s) second-largest domain registrar in August 2007.
Screenshot 01 – Source: completewhois.com
Screenshot 02 – Source: completewhois.com
So what will the next anti-virus domain be called? We spent a quiet moment choosing possible next names. The following names are not registered yet.
Wikipedia – eNom
File Determined to Contain Troj/FakeVir-BF
What Do We Know About These Fake Anti-Virus Scan Websites?
Lehigh University’s Multiple Department Websites Exploited for Redirection to ANTIVIRUS-SCANONLINE.COM
ANTIVIRUS-SCANONLINE.COM: 15 Websites Victimized in the Latest ‘?prj’ Exploitation Scheme
Warning: A New Fake Anti-Virus Scan Website Discovered